
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 10/608,768
FILING DATE: 06/27/2003
FIRST NAMED INVENTOR: Alexandru Gavrilescu
ATTORNEY DOCKET NO.: 30835/305573
CONFIRMATION NO.: 8097

45373 7590 10/04/2007

MARSHALL, GERSTEIN & BORUN LLP (MICROSOFT)
233 SOUTH WACKER DRIVE
6300 SEARS TOWER
CHICAGO, IL 60606

EXAMINER: JOHNSON, CARLTON
ART UNIT: 2136
PAPER NUMBER:
MAIL DATE: 10/04/2007
DELIVERY MODE: PAPER

Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 



Office Action Summary

Application No.: 10/608,768
Applicant(s): GAVRILESCU ET AL
Examiner: Carlton V. Johnson
Art Unit: 2136

- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

DETAILED ACTION

1. This action is responding to application papers filed on 7-10-2007.

2. Claims 20 - 26, 28 - 40, 42 - 47 are pending. Claims 20, 22, 26, 28, 34, 36, 40 
have been amended. Claims 1-19, 27, 41 have been cancelled. Claims 20, 22, 26, 
29, 32, 34, 36, 40, 43, 46 are independent. 

Response to Arguments 

3. Applicant's arguments filed 7/10/2007 have been fully considered but they are moot 
in view of the new grounds of rejection. 

3.1 Claims 23, 25, 28, 37, 39, 42 are allowable. 

Claims 23, 25, 28, 37, 39, 42 are objected to as being dependent upon a rejected 
base claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Applicant's arguments, see Applicant Arguments/Remarks Made in an 
Amendment, filed July 7, 2007, with respect to the rejection(s) of claim(s) 23, 25, 28, 37, 
39, 42 under 35 U.S.C. 102(e) as being anticipated by Yeager et al. (US PGPUB No. 
20050086300) and 35 U.S.C. 103(a) as being unpatentable over Yeager in view of 
Yellepeddy et al. (US Patent No. 20040111607) have been fully considered and are
persuasive. Therefore, the rejection(s) has been withdrawn. 

However, upon further consideration, a new ground(s) of rejection is made in
view of Yeager, Aguilera, Yellepeddy, and Pabla.

3.2 The Yeager prior art discloses the capability to publish information (i.e. including a
certificate), and the capability for peers to have persistent storage (i.e. database) for
access to the published security information (i.e. certificate) (see Yeager paragraph
[0256], lines 1-10).

The Yeager and Aguilera prior art combination discloses a bitmap to be utilized as
bits of revocation data. This is equivalent to applicant's invention, whereby a bitmap
is manipulated to indicate revocation information (see Aguilera paragraph
[0031], lines 1-5: bitmap representation for revocation list; paragraph [0027], lines 17-20:
update revocation list, in order to revoke an entity (i.e. member)).

3.3 The examiner has considered the applicant's remarks concerning a system for 
providing security to a set of interconnected network nodes includes the capability to 
monitor calls to the system, a group security manager configured to perform security- 
related acts by interacting with a group database to propagate security-related 
information to members of the group. Applicant's arguments have thus been fully 
analyzed and considered but they are not persuasive. 

After an additional analysis of the applicant's invention, remarks, and a search of 
the available prior art, it was determined that the current set of prior art consisting of 
Yeager (20050086300), Aguilera (20040243827), Yellepeddy (20040111607) and Pabla
(20040162871) discloses the applicant's invention including disclosures in Remarks
dated July 10, 2007. 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

Claims 20, 34 are rejected under 35 U.S.C. 112, first paragraph, as based on a 
disclosure, which is not enabling. 

There is no disclosure for this assertion in the specification and the original claims.
The only disclosure for a second member is in the original claims. The original claims
state that a first member connects to a second member. There is no indication
designating any particular member as making the certificate renewal request.

This disclosure is critical or essential to the practice of the invention, but not 
included in the claim(s) is not enabled by the disclosure. See In re Mayhew, 527 
F.2d 1229, 188 USPQ 356 (CCPA 1976). 

Claims 26, 40 are rejected under 35 U.S.C. 112, first paragraph, as based on a 
disclosure, which is not enabling. 

There is no disclosure for this assertion in the specification and the original 
claims. The only disclosure for a published token in a graph database is in claim 41. 
The claim limitation states that security related information is available to the group 
member. There is no disclosure of the availability of information to each member of the
"secure" group. There is no disclosure that specifically the published token is the one
piece of security related information made available to each group member.

This disclosure is critical or essential to the practice of the invention, but not 
included in the claim(s) is not enabled by the disclosure. See In re Mayhew, 527 
F.2d 1229, 188 USPQ 356 (CCPA 1976). 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 20, 21, 22, 24, 34, 35, 36, 38, 39 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Yeager in view of Yellepeddy et al. (US Patent No.
20040111607). 

Regarding Claims 20, 34, Yeager discloses a method for a member in a group within a 
graph of interconnected peer nodes to granting privileges, the method comprising: 
a) receiving a certificate renewal request to a second member in the group; (see
Yeager paragraph [0225], lines 9-13: pipes, communications channel
for data transmission between peer members)

Yeager discloses wherein the capability to renew membership in a peer group, and
wherein the renewal is based on authorization from the administrator or based on 
one or more security policies, (see Yeager paragraph [0558], lines 4-8: membership 
renewal (i.e. remove, add) capability; paragraph [0225], lines 4-9: security policies 
utilized) Yeager does not specifically disclose the capability to renew a certificate. 
However, Yellepeddy discloses: 

b) requesting by the second member authorization from an administrator different 
from the second member for renewing the certificate, (see Yellepeddy paragraph 
[0092], lines 1-5: renew certificate) 
It would have been obvious to one of ordinary skill in the art to modify Yeager
as taught by Yellepeddy to enable the capability to renew a certificate in the
processing of authentication information. One of ordinary skill in the art would have
been motivated to employ the teachings of Yellepeddy in order to, within a
cryptographic authentication environment, optimize verification and validation of the
availability of a certificate utilizing an online status check protocol (see Yellepeddy
paragraph [0010], lines 1-4: " ... would be advantageous to have a method and
system that for configuring a set of OCSP responders in order to improve the
availability of each of the OCSP responders, . . . ")

Regarding Claims 21, 35, Yeager discloses the method, computer-readable medium of 
claims 20, 34 wherein the renewal is based on the security policies if the authorization 
from the administrator is not received, (see Yeager paragraph [0086], lines 1-7: 
software; paragraph [0225], lines 4-9: membership based on policies) Yeager does not
specifically disclose the capability to renew a certificate. However, Yellepeddy 
discloses wherein the capability for the renewal of a certificate, (see Yellepeddy 
paragraph [0092], lines 1-5: renew certificate) 

It would have been obvious to one of ordinary skill in the art to modify Yeager as
taught by Yellepeddy to enable the capability to renew a certificate in the processing of
authentication information. One of ordinary skill in the art would have been motivated
to employ the teachings of Yellepeddy in order to, within a cryptographic authentication
environment, optimize verification and validation of the availability of a certificate
utilizing an online status check protocol (see Yellepeddy paragraph [0010], lines 1-4)

Regarding Claims 22, 36, Yeager discloses a method, computer-readable medium 
having computer-executable instructions to perform acts for a member in a group within 
a graph of interconnected peer nodes to renew a certificate granting privileges, the 
method comprising: 

Yeager discloses the capability to publish content, peer information or records (see 
Yeager paragraph [0086], lines 1-7: software, computer readable medium; 
paragraph [0223], lines 6-11: publish content, peer information or records), and the 
capability to renew membership based on security policies (see Yeager paragraph 
[0225], lines 4-9: renew membership). Yeager does not specifically disclose the 
capability to renew a certificate. 
However, Yellepeddy discloses: 

a) a request to renew the certificate, wherein the certificate is published; (see
Yellepeddy paragraph [0011], lines 7-11: request; paragraph [0225], lines 4-9:
renew certificate) and

b) performing renewal of the published certificate (see Yellepeddy paragraph
[0092], lines 1-5: renew certificate)

It would have been obvious to one of ordinary skill in the art to modify Yeager
as taught by Yellepeddy to enable the capability to process a request to renew a
certificate in the processing of authentication information. One of ordinary skill in
the art would have been motivated to employ the teachings of Yellepeddy in order
to, within a cryptographic authentication environment, optimize verification and
validation of the availability of a certificate utilizing an online status check protocol
(see Yellepeddy paragraph [0010], lines 1-4)

Regarding Claims 24, 38, Yeager discloses the method, computer-readable medium of 
claims 22, 36. (see Yeager paragraph [0086], lines 1-7: software, computer readable 
medium) Yeager does not specifically disclose the capability to process a certificate 
chain, or renew a certificate. However, Yellepeddy discloses wherein the renewal is
repeated if a shorter chain can be achieved, (see Yellepeddy paragraph [0057], lines 
16-19; paragraph [0079], lines 1-5; paragraph [0079], lines 14-22: certificate chain 
processing, chain length (i.e. short or long); paragraph [0225], lines 4-9: renew 
certificate) 

It would have been obvious to one of ordinary skill in the art to modify Yeager as
taught by Yellepeddy to enable the capability to utilize a certificate chain, and renew a
certificate in the processing of authentication information. One of ordinary skill in the
art would have been motivated to employ the teachings of Yellepeddy in order to, within
a cryptographic authentication environment, optimize verification and validation of the
availability of a certificate utilizing an online status check protocol (see Yellepeddy
paragraph [0010], lines 1-4)

7. Claims 32, 33, 46, 47 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Yeager in view of Aguilera et al. (US Patent No. 20040243827). 

Regarding Claims 32, 46, Yeager discloses a method, computer-readable medium 
having computer-executable instructions to perform acts for revoking one or more 
members of a group of interconnected nodes within a graph, the method comprising: 
a group of interconnected nodes or a graph (see Yeager paragraph [0029], lines 1-6: 
grouping of interconnected nodes), the usage of software for prior art 
implementation, and the usage of one or more serial numbers, the one or more 
serial numbers identifying the one or more members of the group, (see Yeager 
paragraph [0086], lines 1-7: software, computer-readable medium; paragraph 
[0173], lines 1-6: unique identification (i.e. UUID) or serial numbers as identification 
information) Yeager does not specifically disclose the usage or update of a 
revocation bitmap. 
However, Aguilera discloses:

a) identifying one or more bits in a revocation bit map, the bits identifying the one or 
more members of the group; (see Aguilera paragraph [0031], lines 1-5: bitmap 
representation for revocation list) and 

b) altering the one or more bits in the revocation bit map, the altering revoking the 
one or more members of the group, (see Aguilera paragraph [0031], lines 1-5: 
bitmap representation for revocation list; paragraph [0027], lines 17-20: update 
revocation list, in order to revoke an entity (i.e. member)) 

It would have been obvious to one of ordinary skill in the art to modify Yeager
as taught by Aguilera to enable a bitmap representation for revocation list
information. One of ordinary skill in the art would have been motivated to employ
the teachings of Aguilera in order to, within a cryptographic authentication
peer-to-peer environment, enable the capability to utilize a small amount of storage for the
bitmap revocation information (see Aguilera paragraph [0031], lines 1-5: " ... It is
worth noting that the group list and the revocation list can be stored as a bitmap or 
as explicit lists. The bitmap representation has the advantage that it is compact, but 
it requires capability identifiers to be small and thus limits the number of outstanding 
capabilities. ...") 

Regarding Claims 33, 47, Yeager discloses the method, computer-readable medium of 
claims 32, 46. (see Yeager paragraph [0086], lines 1-7: software, computer-readable 
medium) Yeager does not specifically disclose the usage or update of a revocation 
bitmap. However, Aguilera discloses wherein the revocation bitmap is scalable (see
Aguilera paragraph [0031], lines 1-5: bitmap representation for revocation list;
paragraph [0033], lines 1-3: scalable, adjustable size for bitmap representation)

It would have been obvious to one of ordinary skill in the art to modify Yeager as
taught by Aguilera to enable a bitmap representation for revocation list information.
One of ordinary skill in the art would have been motivated to employ the teachings of
Aguilera in order to, within a cryptographic authentication peer-to-peer environment,
enable the capability to utilize a small amount of storage for the bitmap revocation
information (see Aguilera paragraph [0031], lines 1-5)

Claim Rejections - 35 USC § 102 

8. The following is a quotation of 35 U.S.C. 102 which forms the basis for all 
obviousness rejections set forth in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

9. Claims 26, 29, 30, 31, 40, 43, 44, 45 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Yeager et al. (US PGPUB No. 20050086300). 

Regarding Claims 26, 40, Yeager discloses a method, computer-readable medium 
having computer-executable instructions to perform acts for ensuring that a publisher of 
information in a record to a secure group in a graph of interconnected nodes has
authority to publish to the secure group, the method comprising: 

a) creating a token (see Yeager paragraph [0577], lines 7-11: tokens, credentials 
utilized for security) for the publisher, the token containing information located in 
a role assigned to the publisher, the role identifying privileges of the publisher; 
(see Yeager paragraph [0578], lines 4-6: role assignments, privileges assigned) 
and 

b) matching the token (see Yeager paragraph [0577], lines 7-11: tokens, credentials 
utilized for security) against a security descriptor for the record to be published, 
the security descriptor providing a list of rights associated with each role, wherein 
the token is published in a graph database, the graph database makes available 
security related information including the published token to each member of the 
secure group (see Yeager paragraph [0578], lines 4-6: privileges, access
control list linked to role; paragraph [0256], lines 1-3: storage, database
containing security information)

Regarding Claims 29, 43, Yeager discloses a method, computer-readable medium 
having computer-executable instructions to perform acts for revoking a member of a 
group of interconnected nodes within a graph, the method comprising: 

a) publishing a revocation record to the group, the revocation record identifying the 
member; (see Yeager paragraph [0086], lines 1-6: software, computer readable 
medium; paragraph [0223], lines 6-11: publish content, peer information or 
records: publish content, peer information; paragraph [0558], lines 4-8: remove or
revoke membership) and 
b) revoking any records published by the member according to the revocation 
record, (see Yeager paragraph [0223], lines 6-11: publish content, peer 
information or records; paragraph [0558], lines 4-8: remove or revoke 
membership) 

Regarding Claims 30, 44, Yeager discloses the method, computer-readable medium of 
claims 29, 43 wherein the revocation record is published with validation time sufficient to 
ensure that a current certificate of the revoked group member expires before the 
revocation, (see Yeager paragraph [0591], lines 7-10: expiration time period for 
credentials; paragraph [0558], lines 4-8: remove or revoke membership; paragraph 
[0135], lines 1-3; paragraph [0135], lines 5-11: certificate utilization) 

Regarding Claims 31, 45, Yeager discloses the method, computer-readable medium of 
claim 29 wherein if the member to be revoked is an administrator, the administrator 
privileges are first deprecated prior to the publishing the revocation record, (see Yeager 
paragraph [0086], lines 1-6: software, computer readable medium; paragraph [0558], 
lines 4-8: some members, managers, administrators to remove membership in peer 
group) 

Conclusion

Allowable Subject Matter: 

Claims 23, 25, 28, 37, 39, 42 are allowable. 

Claims 23, 25, 28, 37, 39, 42 are objected to as being dependent upon a rejected 
base claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Carlton V. Johnson whose telephone number is
571-270-1032. The examiner can normally be reached on Monday thru Friday, 8:00 -
5:00PM EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Nasser Moazzami, can be reached on 571-272-4195. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Carlton V. Johnson 
Examiner 
SUPERVISORY PATENT EXAMINER